Mailing List Archive

Support open source code!


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: canna port security




[snip]
> 
> Thanks, John.  
> 
> I'd already tried that and still the port is open.
> There was no /etc/hosts.cannna file so I created one. No joy though.
> 
> I get this from cshost:
> 
> Connected to unix
> access control enabled
> HOST NAME:localhost
> ALL USER
> 
> HOST NAME:unix
> ALL USER
> 
> but nmap still shows the port open on 5680

The port is still open because the canna service is doin it's own security
which means that it must be able to connect to an incoming request,
determin if it is allowed then either drop the connection or continue
according to it's rules.  If you want it to be invisible to the outside
world, then you should set up a firewall rule which would be kernel level
instead of application level security.  In that case, you can foget about
setting up the security for canna in specific as the firewall rule and the
canna rule would be redundant.

--
Marc C.
http://www.mecworks.com


Home | Main Index | Thread Index

Home Page Mailing List Linux and Japan TLUG Members Links